-------- Original Message -------- Subject: A possible counter-RFID strategy Date: Mon, 3 May 2004 07:57:30 -0400 From: Rich Kulawiec <rsk@private> To: Declan McCullagh <declan@private> (An edit of something I sent to the folks at nocards.org last summer) Having followed the recent RFID-related messages on Politech, I thought I'd send this along. First, a small historical diversion: back in the 1980's, there were rumors that the NSA had a complete Usenet feed going into its data centers. In reaction, Usenet article authors began to include what were called "NSA fodder" in the headers and bodies of their articles; text strings like: Moscow nuke Iran Kremlin secret spy CIA transmission were put there to (at least in theory) cause the text-analysis programs and perhaps the human beings analyzing the incoming data at the NSA to work a bit harder. Nobody (I hope) took this very seriously, but it does illustrate an interesting point about approaches to frustrating unwanted data collection, and that is that there are two ways to do that: 1. Deny the data to the collectors. 2. Give them all the data they could possibly hope for... but fill it with so much noise that it's useless. In the case of RFID tags, so many people are all over their deployment that approach #1 may now be effectively impossible. Fine. Let them knock themselves out putting RFID tags on and in everything and tracking them and accumulating all the data, and spending lots and lots of money and time setting all that up. Meanwhile, let's try approach #2. After all, there's no reason why you and I can't have our own RFID scanners, and locate the tags that we happen to find in our possession, now is there? And if I felt like, oh, removing the tag from my new shirt and sticking it in a city bus seat, or extracting the tag from a new lawn sprinkler and putting it in on a shopping cart back at the store where I bought it, well, why not? Now imagine the consequences if 20 million people did the same. We could even have little exchanges where we throw all our tags in a pile and randomly take some away to play with -- the point being that then not even *we* know what happened to them. I find it very satisfying to think that someone trying to figure out where my bicycle helmet is at the moment will actually be tracking a Walmart (rushing headlong toward adoption of RFID) manager's car that happened to parked somewhere nearby when I felt like transplanting the RFID tag. RFID tags from all kinds of things could be randomly planted everywhere: in an airplane seat, in a newspaper at the library, in a copy of a rented video, EVERYWHERE. Some could be transplanted to similar items; others to completely different ones. And so on. I'm not suggesting that anyone abandon the fight against the intrusive and abusive uses of RFID by any means; I'm just suggesting that one possible countermeasure to make whatever deployment goes forward far less effective than its backers hope is to cause their RFID trackers to record huge amounts of completely useless data. [1] This is relatively easy to do, and could actually be turned into a rather amusing exercise in competitive ingenuity. [2] But more seriously, if a sufficient number of people participate, and thus a sufficient number of RFID tags are pressed into service generating bogus data, it will discredit them and devalue their usefulness, thus discouraging their further adoption and undercutting attempts to rely on them for some of their more Orwellian possible uses. It's a shame that something like this is necessary: but given the total lack of respect for privacy and any semblance of self-restraint on the part of governments and corporations, it is. --Rsk [1] Most importantly, "useless data" that will be very difficult to distinguish from useful data. Every communications engineer learns that separating signal from noise is relatively easy when they have very different properties, but much harder when they're the same. Hence the need to transplant at least some RFID tags to similar items, thus generating bogus but hard-to-spot-as-bogus data. [2] "I'd like to thank you for coming to testify before our committee today, Mr. Ashton, and as my first question, I'd like you to explain why the Senate's RFID scanner indicates that you walked in here with a cheese grater, a copy of the latest Harry Potter video, a forklift, and the latest issue of 'Motorcycle Babes' on your person." _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Tue May 04 2004 - 22:45:36 PDT